Timeline for Strategy for keeping secret info such as API keys out of source control?
Current License: CC BY-SA 3.0
5 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Jun 6, 2016 at 14:30 | comment | added | David K. Hess | Ditto what @JianggeZhang said – this is dangerous advice | |
| Oct 3, 2015 at 16:44 | comment | added | Jiangge Zhang | Then how do we protect the key-publishing web service? Using another key? | |
| Jul 23, 2013 at 19:39 | comment | added | Reactgular | I've answered the question correctly, as have many others. The fact that you haven't accepted one of them implies you don't understand how to work with these keys. | |
| Jul 23, 2013 at 19:33 | comment | added | Ripped Off | This question is asking how to do that no, it absolutely does NOT. The fact is that these keys need to be used by code, therefore be accessed by code, and that usually means via code or configuration files, which if they aren't in source together they are at least close by and may accidentally end up in source. The hosted web app is nonsensical, unfortunately. You didn't have to apply for an api key to log into StackOverflow via your (hypothetical) facebook account. place key here is a massive oversimplification that won't work in dev->pub environments as is described in the Q. | |
| Jul 23, 2013 at 19:28 | history | answered | Reactgular | CC BY-SA 3.0 |